The Payoff From California’s “Data Dividend” Must Be Stronger Privacy Laws

The Payoff From California’s “Data Dividend” Must Be Stronger Privacy Laws

California Governor Gavin Newsom, in his first State of the State Address, called for a “Data Dividend” (what some are calling a “digital dividend”) from big tech. It’s notyetclear what form this dividend will take. We agree with Governor Newsom that consumers deserve more from companies that profit from their data, and we suggest that any “dividend” should take the form of stronger data privacy laws to protect the people of California from abuse by the corporations that harvest and monetize our personal information.

In his February 12 address, Governor Newsom said:

California is proud to be home to technology companies determined to change the world. But companies that make billions of dollars collecting, curating and monetizing our personal data have a duty to protect it. Consumers have a right to know and control how their data is being used.

I applaud this legislature for passing the first-in-the-nation digital privacy law last year. But California’s consumers should also be able to share in the wealth that is created from their data. And so I’ve asked my team to develop a proposal for a new Data Dividend for Californians, because we recognize that your data has value and it belongs to you.

Strengthen the California Consumer Privacy Act

We agree with Governor Newsom that technology users and other Californians have “a right to know and control how their data is being used.”

That’s why California began the process of protecting consumer data privacy last year. Specifically, it enacted the law that Governor Newsom described in his address: the California Consumer PrivacyAct (CCPA). The CCPA provides consumers the right to know what personal information companies have collected from them, the right to opt-out of the sale of that information, and the right to delete some of that information.

EFF and other data privacy advocates will work this year to strengthen the CCPA. For example, California needs a private cause of action to enforce the CCPA, so consumers who suffer violations of their data privacy can hold accountable the corporations that violated their rights. The California Attorney General supports this expansion of CCPA enforcement power. The CCPA also should require opt-in consent before corporations share consumers’ data, and not just opt-out consent from corporations selling their data. Presumptions matter, and corporations may share personal information without selling it. Further, California needs a stronger right to know, including better “data portability,” meaning the right to obtain a machine-readable copy of one’s data.

Sadly, some big tech companies will work this year toweaken the CCPA. The privacy movement will resist their efforts.

With this legislative storm brewing, we are buoyed by Governor Newsom’s address. It signals his intent to stand up for the data privacy of Californians. We hope he will work with privacy advocates to strengthen the CCPA.

No Pay-For-Privacy

Some observers have speculated that by “Data Dividend,” Governor Newsom means payments by corporations directly to consumers in exchange for their personal information.

We hope not. EFF strongly opposes “pay-for-privacy” schemes. Corporations should not be allowed to require a consumer to pay a premium, or waive a discount, in order to stop the corporation from vacuuming up—and profiting from—the consumer’s personal information. It is not a good deal for consumers to get a handful of dollars from companies in exchange for surveillance capitalism remaining unchecked.

Privacy is a fundamentalhumanright. It is guaranteed by the California Constitution. The California Supreme Court has ruled that this constitutional protection “creates a right of action against private as well as government entities.”

Pay-for-privacy schemes undermine this fundamental right. They discourage all people from exercising their right to privacy. They also lead to unequal classes of privacy “haves” and “have-nots,” depending upon the income of the user.

The good news is that the CCPA contains a non-discrimination rule, which forbids companies from discriminating against a consumer because the consumer exercised one of their CCPA privacy rights. For example, companies cannot deny goods, charge different prices, or provide different level of quality. The bad news is that the CCPA’s non-discrimination clause has two unclear and potentially far-reaching exceptions. This year, privacy advocates will seek to eliminate these exceptions, and some business groups will seek to expand them.

We hope Governor Newsom will join us in the fight against pay-for-privacy, and for strong legal protection of consumer data privacy. As the Governor powerfully explained this week: “Consumers have a right to know and control how their data is being used.”

Related Updates

The full weight of U.S. policing has descended upon protesters across the country as people take to the streets to denounce the police killings of Breonna Taylor, George Floyd, and countless others who have been subjected to police violence. Along with riot shields, tear gas, and other crowd control...

Your phone is your life. It’s where you communicate, get your news, take pictures and videos of your loved ones, relax and play games, and find a significant other. It can track your health, give you directions, remind you of events, and much more. It’s an incredibly helpful tool, but...

EFF has joined a broad coalition of civil liberties, civil rights, and labor advocates to oppose A.B. 2261, which threatens to normalize the increased use of face surveillance of Californians where they live and work. Our allies include the ACLU of California, Oakland Privacy, the California Employment Lawyers Association, Service...

In the wake of nationwide protests against the police killings of George Floyd and Breonna Taylor, we urge protestors to stay safe, both physically and digitally. Our Surveillance Self Defense (SSD) Guide on attending a protest offers practical tips on how to maintain your privacy and minimize your digital...

With states beginning to ease shelter-in-place restrictions, the conversation on COVID-19 has turned to questions of when and how we can return to work, take kids to school, or plan air travel.Several countries and U.S. states, including the UK, Italy, Chile, Germany, and California, have expressed interest in...

When it comes to surveillance of our online lives, Internet service providers (ISPs) are some of the worst offenders. Last year, the state of Maine passed a law targeted at the harms ISPs do to their customers when they use and sell their personal information. Now that law is...

COVID-19, and containment efforts that rely on personal data, are shining a spotlight on a longstanding problem: our nation’s lack of sufficient laws to protect data privacy. Two bills before Congress attempt to solve this problem as to COVID-19 data. One is a good start that needs improvements. The other...

In a landmark decision, the German Constitutional Court has ruled that mass surveillance of telecommunications outside of Germany conducted on foreign nationals is unconstitutional. Thanks to the chief legal counsel, Gesellschaft für Freiheitsrechte (GFF), this a major victory for global civil liberties, but especially those that live and...